def test_sign_serial_increment(self):
    """Check that consecutive certificates from one CA get serials 2 and 3.

    The CA class is configured with a ``MemoryPersist()`` store, a default
    CA is created, and two CSRs are signed back to back. Each issued
    certificate must carry the subject of its request.
    """
    ezbakeca.EzbakeCA.setup(store=MemoryPersist())
    authority = ezbakeca.EzbakeCA()

    # (common name, expected serial) for the first and the second cert.
    # Presumably serial 1 belongs to the CA's own certificate -- confirm
    # in ezbakeca.
    # NOTE(review): small sequential serials satisfy uniqueness, but they
    # are predictable; publicly trusted CAs are required to use
    # unpredictable serials, so this scheme only suits an internal PKI.
    expectations = (("App", 2), ("App2", 3))
    for common_name, expected_serial in expectations:
        key = ezbakeca.private_key()
        request = ezbakeca.csr(key,
                               CN=common_name,
                               O="Ezbake",
                               OU="Ezbake Apps",
                               C="US")
        issued = authority.sign_csr(request)
        nt.assert_equal(issued.get_subject(), request.get_subject())
        nt.assert_equal(issued.get_serial_number(), expected_serial)
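def test_get_named(self):
    """Save a CA under a name and check that loading it by name matches.

    Name, private key, certificate and serial counter are compared
    between the saved instance and the one returned by ``get_named``.
    """
    ca = ezbakeca.EzbakeCA("named")
    ca.save()

    ca2 = ezbakeca.EzbakeCA.get_named("named")
    nt.assert_equal(ca.name, ca2.name)
    # The round trip includes the private key, so this test expects the
    # persistence store to hold CA private key material; whichever store
    # is configured needs access control to match.
    nt.assert_equal(ca.pkey_string(), ca2.pkey_string())
    nt.assert_equal(ca.cert_string(), ca2.cert_string())
    # assert_equal rather than the deprecated assert_equals alias, to
    # agree with the assertions above.
    nt.assert_equal(ca.serial, ca2.serial)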
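def test_multithread(self):
    """Issue certificates from five threads at once and require unique serials.

    Five tasks are submitted to a five-thread pool; each asks the same CA
    object for five certificates through ``issue_n_certs``. RFC 5280
    requires every certificate from one issuer to carry a unique serial
    number, so a duplicate here means the serial counter is not safe under
    concurrent signing.
    """
    workers = 5
    certs_per_worker = 5
    ca = ezbakeca.EzbakeCA("threadingCA")
    pool = multiprocessing.pool.ThreadPool(processes=workers)
    try:
        pending = [
            pool.apply_async(issue_n_certs, (ca, range(certs_per_worker)))
            for _ in range(workers)
        ]
        vals = []
        for result in pending:
            # get() blocks until the task finishes and re-raises its error.
            vals.extend(result.get())
    finally:
        # Release the worker threads even when a task raised.
        pool.close()
        pool.join()

    # Guard against a vacuous pass: issue_n_certs returns one serial per
    # requested certificate, so an empty or short list is itself a failure.
    nt.assert_equal(len(vals), workers * certs_per_worker)
    # No serial may appear twice.
    nt.assert_equal(sorted(vals), sorted(set(vals)))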
def issue_n_certs(ca, r):
    """Sign one certificate per element of *r* and return the serial numbers.

    Args:
        ca: a CA object exposing ``sign_csr``, or a string, in which case
            ``ezbakeca.EzbakeCA(ca)`` is constructed from it first.
        r: iterable of values; each one is formatted into the common name
            ``App<value>`` of a fresh CSR.

    Returns:
        List of the serial numbers of the issued certificates, in the
        order of *r*.
    """
    # basestring exists only on Python 2.
    if isinstance(ca, basestring):
        ca = ezbakeca.EzbakeCA(ca)

    def _issue(index):
        # A new private key is generated for every request.
        key = ezbakeca.private_key()
        request = ezbakeca.csr(key,
                               CN="App{0}".format(index),
                               O="Ezbake",
                               OU="Ezbake Apps",
                               C="US")
        return ca.sign_csr(request).get_serial_number()

    return [_issue(i) for i in r]
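def setUp(self):
    """Start a CA service subprocess and write the client TLS files to disk.

    In order: bring up the ZooKeeper fixture, build the service
    configuration, create the ``tmpcerts`` directory tree, launch
    ``caservice.ca_server`` in a child process on localhost:5049, then
    write the CA certificate and the "client" certificate and private key
    under ``tmpcerts/client``. All paths are relative to the current
    working directory.
    """
    self.setup_zookeeper()
    zoo_host = ":".join(str(x) for x in self.client.hosts[0])

    ezConfig = EzConfiguration().getProperties()
    ezConfig[EzBakePropertyConstants.ZOOKEEPER_CONNECTION_STRING] = zoo_host
    ezConfig[caservice.EzCAHandler.CLIENT_CERTS] = "client"
    ezConfig[caservice.EzCAHandler.CLIENT_CERT_O] = "tmpcerts"

    # Make the directories for the certs. Each one is created in its own
    # try block: with a single try around all three calls, an existing
    # 'tmpcerts' raised EEXIST on the first mkdir and the two
    # subdirectories were never created.
    for directory in ('tmpcerts', 'tmpcerts/server', 'tmpcerts/client'):
        try:
            os.mkdir(directory)
        except OSError as e:
            if e.errno != errno.EEXIST:
                # Bare raise keeps the original traceback.
                raise

    #caservice.setup_logging(True, ezConfig)

    # Start the server
    # NOTE(review): verify_pattern is presumably a regex applied to the
    # peer certificate's name; if caservice matches it unanchored, any
    # name containing "client" would be accepted -- confirm there.
    self.serverProcess = Process(target=caservice.ca_server,
                                 args=(ezConfig, ),
                                 kwargs={
                                     'port': 5049,
                                     'host': 'localhost',
                                     'verify_pattern': r"client",
                                     "ssldir": "tmpcerts/server"
                                 })
    self.serverProcess.start()
    # Starting the server takes a while
    # NOTE(review): a fixed delay is a guess, not a readiness check; a
    # slower start would surface as connection failures in the tests.
    time.sleep(5)

    # Write out the client certs
    ca.EzbakeCA.setup(FilePersist(caservice.EzCAHandler.TABLE_NAME))
    cert.Cert.setup(FilePersist(caservice.EzCAHandler.TABLE_NAME))
    try:
        ca_certs = ca.EzbakeCA.get_named("ezbakeca")
    except KeyError:
        # No stored CA under that name yet: create one and persist it.
        ca_certs = ca.EzbakeCA(name="ezbakeca")
        ca_certs.save()
    client_certs = cert.Cert.get_named("client")

    client_dir = "tmpcerts/client"
    with open(os.path.join(client_dir, "ezbakeca.crt"), 'w') as f:
        f.write(ca_certs.cert_string())
    with open(os.path.join(client_dir, "application.crt"), 'w') as f:
        f.write(client_certs.cert_string())
    # NOTE(review): open(..., 'w') creates the file with whatever mode the
    # process umask allows, so this private key may be readable by other
    # local users. On a shared host create it with mode 0600 and remove
    # tmpcerts in teardown.
    with open(os.path.join(client_dir, "application.priv"), 'w') as f:
        f.write(client_certs.pkey_string())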
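def test_multithread(self):
    """Issue certificates from five threads at once and require unique serials.

    The CA is saved before the work starts and again afterwards. Five
    tasks are submitted to a five-thread pool; each asks the same CA
    object for five certificates through ``issue_n_certs``. RFC 5280
    requires every certificate from one issuer to carry a unique serial
    number, so a duplicate here means the serial counter is not safe under
    concurrent signing.
    """
    workers = 5
    certs_per_worker = 5
    ca = ezbakeca.EzbakeCA("threadingCA")
    ca.save()
    pool = multiprocessing.pool.ThreadPool(processes=workers)
    try:
        pending = [
            pool.apply_async(issue_n_certs, (ca, range(certs_per_worker)))
            for _ in range(workers)
        ]
        vals = []
        for result in pending:
            # get() blocks until the task finishes and re-raises its error.
            vals.extend(result.get())
    finally:
        # Wait for the worker threads to exit, even when a task raised, so
        # none of them is still running when the CA is saved below.
        pool.close()
        pool.join()

    # Save again; the original author notes that the threads might still
    # be writing the serial file.
    ca.save()

    # Guard against a vacuous pass: issue_n_certs returns one serial per
    # requested certificate, so an empty or short list is itself a failure.
    nt.assert_equal(len(vals), workers * certs_per_worker)
    # No serial may appear twice.
    nt.assert_equal(sorted(vals), sorted(set(vals)))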
def test_sign_csr(self):
    """Sign a single CSR and check the fields of the issued certificate.

    The result must be a ``crypto.X509`` whose subject equals the
    request's subject and whose issuer equals the CA certificate's
    subject, with serial number 2 and version field 2.
    """
    authority = ezbakeca.EzbakeCA()
    subject_fields = dict(CN="App", O="Ezbake", OU="Ezbake Apps", C="US")
    key = ezbakeca.private_key()
    request = ezbakeca.csr(key, **subject_fields)

    issued = authority.sign_csr(request)

    nt.assert_is_instance(issued, crypto.X509)
    nt.assert_equal(issued.get_subject(), request.get_subject())
    # The issuer name must chain to the CA's own certificate.
    nt.assert_equal(issued.get_issuer(), authority.ca_cert.get_subject())
    # Presumably serial 1 is taken by the CA certificate -- confirm.
    nt.assert_equal(issued.get_serial_number(), 2)
    # X.509 encodes v3 as the integer 2 in the version field.
    nt.assert_equal(issued.get_version(), 2)
def test_create_ca(self):
    """Check that the serial counter survives a save and reload by name.

    A CA named "TestCA" signs two certificates, is saved, and is then
    loaded again with ``get_named``; the reloaded ``serial`` must be 3.
    """
    # Create new CA
    baseCa = ezbakeca.EzbakeCA("TestCA")

    # Sign 2 certs, each for a freshly generated key.
    for _ in range(2):
        key = ezbakeca.private_key()
        baseCa.sign_csr(
            ezbakeca.csr(key,
                         CN="App",
                         O="Ezbake",
                         OU="Ezbake Apps",
                         C="US"))
    baseCa.save()

    # Load the CA from persistence
    reloaded = ezbakeca.EzbakeCA.get_named("TestCA")

    # The original comment calls 3 the next serial. A counter that went
    # backwards after a reload would lead to reused serial numbers.
    nt.assert_equal(3, reloaded.serial)